sherlock-audit / 2024-05-midas-judging
issues
DEPOSIT KYC
#196
Dila1991
closed
5 months ago
0
VALIDATE TRUNSFER PI KYC
#195
Dila1991
closed
5 months ago
0
Same Heartbeat Check For All Price Feeds
#194
sherlock-admin4
closed
5 months ago
5
Arbitrum No Price Feed IB01 USD
#193
sherlock-admin2
closed
5 months ago
0
Unneeded Variable Sender
#192
sherlock-admin3
closed
5 months ago
2
Inconsistent gap sizes in the contract
#191
sherlock-admin4
closed
5 months ago
2
PausableUpgradeable not initialized
#190
sherlock-admin2
closed
5 months ago
2
Gas optimization
#189
sherlock-admin3
closed
5 months ago
2
USE OF CUSTOM MADE ERROR
#188
sherlock-admin4
closed
5 months ago
0
Bigsam - ERROR IN DECIMAL REPRESENTATION
#187
sherlock-admin3
closed
5 months ago
0
MohammedRizwan - Possible revert or DOS in case of USD wire transfer in `DepositVault.deposit()`
#186
sherlock-admin2
closed
5 months ago
6
goluu - Opportunity Cost Loss of User's Funds
#185
sherlock-admin4
closed
5 months ago
0
plairfx - `MidasAccessControl::_setupRoles` will not change the `DEFAULT_ADMIN_ROLE` used in `WithMidasAccesControl`
#184
sherlock-admin3
closed
5 months ago
10
bhilare_ - A user can redeem some else token other than the deposited one, which can cause issue for other users.
#183
sherlock-admin2
closed
5 months ago
1
Tri-pathi - A User can deposit below minAmountToDepositInEuro first time
#182
sherlock-admin4
closed
5 months ago
0
Bigsam - Missing Fee Implementation in Deposit and Redeem Functions
#181
sherlock-admin3
closed
5 months ago
0
krot-0025 - Incorrect Conversion Method in `redeem` Function Leading to Potential Loss of Funds
#180
sherlock-admin2
closed
5 months ago
0
Afriaudit - REDEMPTION_VAULT_ADMIN_ROLE and DEPOSIT_VAULT_ADMIN_ROLE allows Pausing and Unpausing of `DepositVault` and `RedemptionVault` Contract
#179
sherlock-admin4
closed
5 months ago
0
dimah7 - Users can bypass the initial deposit amount and paused checks by direct transfers, which breaks protocol's intended functionality
#178
sherlock-admin3
closed
5 months ago
7
dhank - Function used to grant role is not declared or initialized anywhere.
#177
sherlock-admin2
closed
5 months ago
0
Bigsam - Lack of Modifier onlyGreenlisted(msg.sender) in function withdrawToken will make frontrunning of admin who calls blacklist/pause while the malicious user withdraws his token successfully.
#176
sherlock-admin4
closed
5 months ago
1
MohammedRizwan - User won't be able to get back their deposited USDC token if their address is blacklisted
#175
sherlock-admin3
closed
5 months ago
20
MarshallPrice - If access to the _tokensReceiver address is compromised or lost, you will not be able to replace it.
#174
sherlock-admin2
closed
5 months ago
0
petarP1998 - Deposit Will Not Work Correct
#173
sherlock-admin4
closed
5 months ago
0
ZdravkoHr. - DataFeed does not check for `minAnswer` and `maxAnswer` when retrieving the price
#172
sherlock-admin3
closed
5 months ago
0
plairfx - `Pausable.sol::pauseAdminRole` will return 0x00 which gives users with no roles the ability to pause and unpause.
#171
sherlock-admin2
closed
5 months ago
1
Tri-pathi - DataFeed will return stale price due to large `_HEALTHY_DIFF` than heartbeat
#170
sherlock-admin4
closed
5 months ago
1
0xb0k0 - Improper input validation in `DepositVault::deposit()` function may lead to invalid protocol state and improper token minting
#169
sherlock-admin3
closed
5 months ago
0
Tri-pathi - deposit and redeem functions lack slippage mechanism
#168
sherlock-admin2
closed
5 months ago
0
PNS - User Will Be Repeatedly Subject to Minimum Deposit Condition
#167
sherlock-admin4
closed
5 months ago
0
sandy - Invalid assumption about the current price feed pair being used can lead to some implications.
#166
sherlock-admin3
closed
5 months ago
1
PNS - Contract Upgrade Pattern may be broken
#165
sherlock-admin2
closed
5 months ago
0
MohammedRizwan - Malicious user can front run blacklist role transaction to prevent his address from redeem of tokens
#164
sherlock-admin4
closed
5 months ago
6
sandy - USDC blacklist and `tokensReceiver` being a single point of failure.
#163
sherlock-admin3
closed
5 months ago
7
Tri-pathi - `DepositVault::totalDeposited` increasing user totalDeposited value more than transferred token amounts
#162
sherlock-admin2
closed
5 months ago
0
dvyneEth - TRANSFER TO BLACKLISTED USER
#161
sherlock-admin4
closed
5 months ago
0
PNS - User Can Self-Revoke Role
#160
sherlock-admin3
closed
5 months ago
0
Kalogerone - Unsafe accounting threatens to break the mTBILL token peg to the IB01 price
#159
sherlock-admin2
closed
5 months ago
16
MohammedRizwan - Chainlink oracle returns stale price due to incorrect `_HEALTHY_DIFF` variable which is hardcoded to `3 days` causing losses in normal/volatile markets
#158
sherlock-admin4
closed
5 months ago
1
aman - The Integration of Price Feed is not correct and vulnerable to stale price
#157
sherlock-admin3
closed
5 months ago
1
Audinarey - depositors can make deposits at less than the `minAmountToDepositInUsd()` and receive more `mTBill`
#156
sherlock-admin2
closed
5 months ago
1
den_sosnovskyi - Proxies `initialize` functions can be called by anyone
#155
sherlock-admin4
closed
5 months ago
0
recursiveEth - Unprotected Initialization Function in Smart Contract Leads to Potential Race Condition Vulnerability
#154
sherlock-admin3
closed
5 months ago
0
den_sosnovskyi - `BLACKLISTED_ROLE` role can be renounced by anyone
#153
sherlock-admin2
closed
5 months ago
0
s1ce - Decimals for `amountUsdIn` and `minAmountToDepositInUsd` differ, leading to no real min threshold actually being set
#152
sherlock-admin4
closed
5 months ago
0
recursiveEth - Vulnerability in Access Control Allows Blacklisted Users to Revoke Blacklist Role
#151
sherlock-admin3
closed
5 months ago
0
serial-coder - `DataFeed::getDataInBase18()` can report stale prices, allowing depositors to deposit USDC amounts under the protocol's requirement
#150
sherlock-admin2
closed
5 months ago
1
T_F_E - Users can lose their funds when redeeming
#149
sherlock-admin4
closed
5 months ago
0
Sabit - The `addPaymentToken` function allows adding duplicate token addresses to the `_paymentTokens`
#148
sherlock-admin3
closed
5 months ago
0
yovchev_yoan - [M-1] `Pausable.sol::__Pausable_init` does not initialize PausableUpgradeable
#147
sherlock-admin2
closed
5 months ago
1